SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
International Women’s Day
269 opinions Read now

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Moody datacenter ai face circuitry over broken locks security threat
#
Data Protection
#
Digital Transformation
#
Encryption

AI emerges as the leading global data security threat

Thu, 26th Feb 2026
Author image
By Sofiah Nichole Salivio, News Editor

Artificial intelligence is now the most frequently cited data security risk for organisations, according to a new global study commissioned by Thales and conducted by S&P Global 451 Research.

The 2026 Thales Data Threat Report found that 61% of respondents ranked AI as their top data security threat across 20 markets and 17 industries. It also highlighted concern about the pace of change, with 70% citing the speed of AI development as the main AI security risk.

The findings come as businesses deploy AI across customer service, analytics, software development and internal workflows. The report argues that these systems often gain broad access to enterprise data and operate with fewer controls than human users.

It describes this as a shift in the nature of insider risk. Automated systems can access, move and act on data at a scale that magnifies the impact of weak governance and gaps in control coverage.

"Insider risk is no longer just about people. It is also about automated systems that have been trusted too quickly," said Sebastien Cano, Senior Vice President, Cybersecurity Products, Thales. "When identity governance, access policies, or encryption are weak, AI can amplify those weaknesses across corporate environments far faster than any human ever could."

Visibility gaps

The report points to longstanding data management issues now colliding with wider AI adoption. Only 34% of organisations said they know where all their data resides, regardless of criticality. Just 39% said they can fully classify it.

Encryption coverage remains uneven, particularly in cloud environments. Nearly half of sensitive cloud data (47%) is still unencrypted, the study found.

AI tools often ingest and act on data from cloud services and software-as-a-service platforms. Limited visibility makes it harder for security teams to apply least-privilege access, which restricts access rights to what a user or system strictly needs. The report warns that weak visibility increases exposure if credentials are compromised.

Identity attacks

The study frames identity infrastructure as a key battleground, with cloud environments a major focus. Credential theft was the leading attack technique against cloud management infrastructure, cited by 67% of organisations that experienced cloud attacks.

Application security pressures also featured prominently. Half of respondents ranked secrets management among their top application security challenges, reflecting the growing number of non-human identities and the spread of API keys and tokens used by automated tools and software components.

The report links these issues to a shift towards machine-driven access. Machines increasingly authenticate and act autonomously across systems, changing how organisations need to approach identity governance and access control.

Deepfakes and misinformation

The research also highlights how AI is reshaping the social engineering landscape. Nearly 60% of companies said they have experienced deepfake-driven attacks.

Reputational damage from AI-generated misinformation also emerged as a material concern. Some 48% of respondents said they had suffered reputational harm linked to AI-generated misinformation or impersonation campaigns.

The report treats these risks as an extension of identity-based threats, rather than a separate category. More convincing impersonation attempts can increase the likelihood that employees disclose credentials or approve fraudulent transactions.

Human error already contributes to a sizeable share of breaches, which the study puts at 28%. It warns that automation can increase the speed and spread of mistakes, even when the initial error is small.

Budget pressure

Security investment is starting to shift, but many organisations still fund AI risks through programmes designed for earlier operating models. The report found that 30% now allocate dedicated budgets to AI security.

At the same time, 53% still rely on traditional security budgets, which tend to focus on human users and perimeter-based controls rather than machine identities and automated access patterns.

Thales argues that organisations should place greater emphasis on encryption, visibility and identity controls as AI becomes embedded in day-to-day operations.

Eric Hanselman, Chief Analyst at S&P Global 451 Research, said AI's growth in enterprise environments is changing baseline expectations for data protection.

"As AI becomes deeply embedded into enterprise operations, continuous data visibility and protection are no longer optional," Hanselman said. "Organisations must treat data security strategy as foundational to innovation, not separate from it."

The report concludes that AI does not replace existing threats, but intensifies them by increasing speed and scale while expanding the reach of systems with access to sensitive information.

Related stories
Preserving our voice: Why women must shape the future of AI and cybersecurity
Bridging the gap: Cybersecurity breakthroughs and imbalances
In a cost-pressured AI race, operational maturity is now the competitive advantage
UK AI budgets shift to data infrastructure & storage
Teramind launches AI governance to tackle shadow AI

Top stories

Safe AI needs all voices: Celebrating the women who help drive CSA's AI safety initiative
Autonomous AI 'agentic customers' set to reshape banks
Reversec names Åse Holmberg Zetterlund as Chief Executive
How women in cyber change the conversation at board level
The weight women carry